The protection of private and organizational information and computational assets is a well-established need. Hacking and phishing attempts against computational systems are ubiquitous, and the perseverance of perpetrators seems limitless.
Common phishing attempts are frequently performed by perpetrators who register a new internet domain, with a new domain name, at a domain registrar. The new domain name (e.g., gooogle.com, with three ‘o’s) may resemble a known and trusted domain name (e.g., google.com, with two ‘o’s), to fool a target user into thinking they are browsing a trusted web page and thus unsuspectingly disclosing data to the perpetrator. Such domains can be referred to as phishing domains.
Perpetrators may also produce a certificate for their newly registered phishing domain, for example to bypass security measures that are commonly taken by commercially available web browsers.
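As an added illustration (not part of the original text, and not the method of any product it mentions), the resemblance described above, such as the three-‘o’ lookalike of google.com, can be checked by comparing an observed domain with a list of trusted names using edit distance. The trusted list, the threshold and the sample domains are constructed assumptions.

```python
# Added example: flag domains that closely resemble, but do not equal, a trusted name.
TRUSTED = ["google.com", "example.org"]  # constructed allow-list (assumption)


def osa_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: insert, delete, substitute, adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            d = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            # Adjacent transposition, e.g. "googel" vs "google".
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                d = min(d, prev2[j - 2] + 1)
            cur.append(d)
        prev2, prev = prev, cur
    return prev[-1]


def normalize(domain: str) -> str:
    """Lower-case the name, drop a trailing dot and a leading 'www.' label."""
    d = domain.strip().lower().rstrip(".")
    return d[4:] if d.startswith("www.") else d


def lookalike_of(domain: str, trusted=TRUSTED, max_dist: int = 2):
    """Return (trusted_name, distance) for a near miss, or None.

    An exact match is the trusted domain itself and is not flagged.
    max_dist=2 is an assumed threshold; very short names need a tighter one.
    """
    d = normalize(domain)
    if d in trusted:
        return None
    best = None
    for t in trusted:
        dist = osa_distance(d, t)
        if dist <= max_dist and (best is None or dist < best[1]):
            best = (t, dist)
    return best


def scan(domains):
    """Map each suspicious domain in `domains` to the trusted name it imitates."""
    hits = {d: lookalike_of(d) for d in domains}
    return {d: hit for d, hit in hits.items() if hit is not None}
```

A check like this only covers name similarity; it says nothing about the content of a message that carries the domain.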
State-of-the-art solutions against such attacks are commonly centered on computational entities between the target user and their respective email server or network gateway. For example, a commercially available solution may include a mail gateway or proxy server that may filter email messages according to their content. This may include, for example, quarantining emails that are intended to lure people into clicking dubious links, transferring money, uploading or downloading files, etc.
Additional commercially available solutions for repelling attacks via phishing domains may include mail servers that are configured to detect suspicious messages according to, for example: third-party reports of suspicious domains, dubious links within an email, and various rule-based algorithms and machine-learning (ML) based techniques such as Natural Language Processing (NLP).
State-of-the-art solutions can depend on successful analysis of the content of a received message to determine whether it may be suspicious or whether it may be propagated to the targeted user.